P
US9825835B2ActiveUtilityPatentIndex 81

Systems and methods for implementing a traffic visibility network

Assignee: GIGAMON INCPriority: Sep 30, 2011Filed: Feb 9, 2015Granted: Nov 21, 2017
Est. expirySep 30, 2031(~5.2 yrs left)· nominal 20-yr term from priority
Inventors:LEONG PATRICK PAK TAKHOOPER PAUL ANDREW
H04L 41/14H04L 41/12H04L 43/18H04L 43/10H04L 63/30H04L 43/06H04L 43/028H04L 43/20H04L 41/40
81
PatentIndex Score
5
Cited by
26
References
20
Claims

Abstract

A method of packet processing, includes: providing a plurality of network appliances that form a cluster, wherein two or more of the plurality of network appliances in the cluster are located at different geographical locations, are communicatively coupled via a private network or an Internet, and are configured to collectively perform out-of-band packet processing; receiving a packet by one of the network appliances in the cluster; processing the packet using two or more of the plurality of the appliances in the cluster; and passing the packet to one or more network monitoring tools after the packet is processed.

Claims

exact text as granted — not AI-modified
What is claimed: 
     
       1. A method of packet processing comprising:
 operating a plurality of network appliances as a cluster, wherein two or more of 
 the plurality of network appliances in the cluster are communicatively coupled to each other via a first network; 
 receiving a packet from a second network by one of the network appliances in the cluster, the second network including a transmitting node that transmits the packet and a receiving node that is an intended recipient of the packet; 
 determining a state of a source associated with the packet; 
 processing the packet based on the state of the source using two or more of the network appliances in the cluster; 
 and passing the packet from one or more of the network appliances in the cluster to one or more network monitoring tools, the one or more network monitoring tools being configured to perform packet analysis and not being the intended recipient of the packet, wherein said passing the packet includes, if the determined state of the source has a first state value, then passing the packet to a first subset of the one or more network monitoring tools, and if the determined state of the source has a second state value, then passing the packet to a second subset of the one or more network monitoring tools. 
 
     
     
       2. The method of  claim 1 , further comprising changing a network traffic mapping utilized by one or more of the plurality of network appliances based on the determined state of the source. 
     
     
       3. The method of  claim 1 , wherein the state of the source is determined by receiving information regarding the source from an in-band device. 
     
     
       4. The method of  claim 1 , wherein the state of the source is determined by receiving information regarding the source from an out-of-band device. 
     
     
       5. The method of  claim 1 , wherein the state of the source is determined by analyzing network traffic pattern from the source. 
     
     
       6. The method of  claim 1 , wherein the plurality of network appliances comprises a first network appliance and a second network appliance, and said processing the packet comprises passing the packet from the first network appliance to the second network appliance. 
     
     
       7. The method of  claim 6 , wherein each of the first and second network appliances has a network port for receiving packets from a network, and an instrument port. 
     
     
       8. The method of  claim 6 , wherein each of the first and second network appliances is an out-of-band device. 
     
     
       9. A packet processing system comprising:
 a plurality of network appliances forming a cluster, wherein two or more of the plurality of network appliances in the cluster are communicatively coupled via a first network and are configured to collectively perform out-of-band packet processing, the first network including a transmitting node that transmits a packet and a receiving node that is an intended recipient of the packet; 
 wherein the cluster is configured to receive the packet from a second network determine a state of a source associated with the packet, pass the packet to one or more network monitoring tools based on the state of the source, wherein the cluster is configured to pass the packet to a first subset of the one or more network monitoring tools if the determined state of the source has a first state value, and to pass the packet to a second subset of the one or more network monitoring tools if the determined state of the source has a second state value, the one or more network monitoring tools being configured to perform packet analysis and not being the intended recipient of the packet. 
 
     
     
       10. The packet processing system of  claim 9 , wherein the cluster is configured to change a network traffic mapping utilized by one or more of the plurality of network appliances based on the determined state of the source. 
     
     
       11. The packet processing system of  claim 9 , wherein the cluster is configured to determine the state of the source by analyzing network traffic pattern from the source. 
     
     
       12. The packet processing system of  claim 9 , wherein the determined state of the source indicates whether an increased level of network monitoring is desired. 
     
     
       13. The packet processing system of  claim 9 , wherein the plurality of network appliances comprises a first network appliance and a second network appliance, and the cluster is configured to process the packet by passing the packet from the first network appliance to the second network appliance. 
     
     
       14. The packet processing system of  claim 13 , wherein the packet is passed from a stacking egress port at the first network appliance to a stacking ingress port at the second network appliance. 
     
     
       15. The packet processing system of  claim 13 , wherein each of the first and second network appliances has a network port for receiving packets from a network, and an instrument port. 
     
     
       16. The packet processing system of  claim 13 , wherein each of the first and second network appliances is an out-of-band device. 
     
     
       17. A packet processing system comprising:
 a network switch appliance having a network port configured to receive a packet from a network; 
 a plurality of instrument ports, each configured to be coupled to a different one of a plurality of network monitoring instruments; 
 and a processor configured to determine a state of a source associated with the packet at a plurality of time points, and to determine, based at least in part on the determined state of the source, 
 one or more of the plurality of network monitoring instruments to which to send the packet, via a corresponding one or more of the instrument ports, after the packet has been processed by the packet processing system, wherein if the determined state of the source has a first state value, then the network switch appliance passes the packet to a first subset of the one or more instrument ports and if the determined state of the source has a second state value, then the network switch appliance passes the packet to a second subset of the one or more of the instrument ports. 
 
     
     
       18. The packet processing system of  claim 17 , wherein the processor is configured to determine the state of the source by analyzing network traffic pattern from the source. 
     
     
       19. The packet processing system of  claim 17 , wherein the source comprises a user of a device that provides the packet, and the processor is configured to determine the state of the source by determining a state of the user. 
     
     
       20. The packet processing system of  claim 17 , said system comprising a plurality of network switch appliances, including said network switch appliance, wherein the first and second subsets of the plurality of instrument ports include first and second instrument ports, respectively, on different ones of the plurality of network switch appliances.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.